This was mine, although it is focused on our needs, which I'm sure are different from yours:

- Similar to our current product, LEM enforces security via automated rules and alerts, but with more ease of use, allowing the administration of these alerts to be shared among more admins.

- LEM is a virtual appliance running on VMware and conserves resources.

- No real limit to data retention. The existing system only holds data for 90 days.

- Central repository for IT infrastructure data mining for the entire company, providing a single location for troubleshooting and research within Orion.

- InfoSec has an active interest in also using this system for worm detection, "out-of-box" responses, and report and data correlation capabilities. This will provide InfoSec with the data needed to research rogue users and VPN usage, including contractors' time in and out, along with security features that are not available to us today.

- LEM provides "Active Responses" that take actions such as quarantining infected machines and blocking IP addresses. This will take our anti-virus to the next step by preventing an infected machine from infecting others.

- Advanced IT search capability makes it easy to discover issues using a drag-and-drop interface that tracks events instantly.

- More than 300 "audit-proven" templates for regulatory compliance, including PCI DSS, GLBA, SOX, NERC CIP, and HIPAA. Although this is not needed today, following these procedures can enhance our processes in a similar way that ITIL enhances our procedures.

LEM will eliminate the need for us to spend time creating scripts and queries in order to access the data, as we do today with LogLogic. We have built over 100 custom scripts

We are in a bit of a different situation from most companies because we are a service provider. We were already using LEM for customer solutions, and we believe in "eating our own dog food," so it made sense for us to get it as well. Besides, my company didn't want me using our customer systems as a test bed for new rules and such.

When I pitch the idea to customers, I focus on the single pane of glass for not just InfoSec but also for operational data, telling stories of how problems were quickly identified by having all of your log data in one place and easily searchable. A basic firewall and anti-virus are no longer considered adequate in today's InfoSec world, and a SIEM such as LEM is really the central focal point of a good security solution, as it provides IPS, IDS, and audit capabilities to the environment.
